Malware Targets Healthcare Industry – Alarming Statistics!

By Steven Krohn · October 23, 2019

“Few industries can claim a mission more critical, data more sensitive, or operations more complex than healthcare. Unfortunately, few industries are finding it more challenging to keep it all protected.” – Proofpoint 2019 Healthcare Threat Report Introduction

Malware targets healthcare at alarming rates! At the beginning of the year, cybersecurity vendor Proofpoint released a report about malware attacks on the healthcare industry. Collating data from Q2 2018 to Q1 2019, they uncovered trends and statistics that were as intriguing as they were alarming.

It should come as no surprise that healthcare led all industries in cybersecurity occurrences in 2018. As the Proofpoint introduction states, and as we remind you again and again, few other industries are responsible for data as valuable and sensitive as healthcare's.

When it comes to cybercriminals, there are few targets anywhere nearly as attractive as the healthcare industry.

What were some of the more interesting statistics of malware attacks on the healthcare industry discovered in the Proofpoint report? Let’s take a look.

VIPs Are Not Necessarily VAPs

The Proofpoint report makes a distinction between VIPs — such as executives, CEOs, etc. — within a healthcare organization and what they refer to as VAPs — Very Attacked People.

While high-ranking employees were definitely targeted, a variety of factors were identified that indicated whom cyberattackers would concentrate their efforts on.

Highly-visible or shared email accounts received a disproportionately large number of attacks. Teaching hospitals and health insurance companies received most of their attacks through alias accounts for patient information requests and patient portals, respectively.

Pharmaceutical companies received the brunt of their attacks through their head of PR, an obviously public-facing address.

For each healthcare organization hit, approximately 65 members of staff were targeted on average.

The Email Is Coming From Inside Your Organization! … Or Not – Malware Attacks Healthcare!

A staggering 95% of targeted healthcare companies received emails spoofing their own trusted domain. 100% had their domain spoofed in order to hit related targets outside of the company — such as patients and business partners.

Most concerning was that 51% of email sent from healthcare-owned domains was unverified by DMARC. This means there’s a good chance it was spoofed in order to be used later for cyberattacks.

55% of imposter email attacks featured subject lines with “payment”, “request”, “urgent” or related terms, and were overwhelmingly sent between 7AM and 1PM.

The number of imposter emails has risen incredibly since 2017. Targeted healthcare organizations in Q1 2019 received an average of 43 imposter emails, a 300% increase over the same period two years ago. An average of 15 employees per organization were spoofed for these attacks.
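One way to triage inbound mail for the own-domain spoofing and subject-line lures described above, as an added example that is not from the Proofpoint report or this article: it trusts a DMARC verdict only when the `Authentication-Results` header was written by the organization's own gateway. The domain `examplehealth.org`, the gateway identifier `mx.examplehealth.org` and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "examplehealth.org"            # assumption: the organization's mail domain
TRUSTED_AUTHSERV = "mx.examplehealth.org"   # assumption: authserv-id our own gateway writes
LURE_TERMS = ("payment", "request", "urgent")  # subject terms cited in the report

def dmarc_verdict(msg):
    """Return the dmarc= result from an Authentication-Results header our gateway wrote."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(header).partition(";")
        ident = authserv.split()
        # Ignore headers written by any other server: the sender controls those.
        if not ident or ident[0].lower() != TRUSTED_AUTHSERV:
            continue
        match = re.search(r"\bdmarc=([a-z]+)", results, re.I)
        if match:
            return match.group(1).lower()
    return "none"  # no trusted DMARC evaluation recorded

def triage(raw_message):
    """Return the reasons a message deserves review (empty list: nothing found)."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdict = dmarc_verdict(msg)
    if verdict == "pass":
        return []
    reasons = []
    if from_domain == OWN_DOMAIN:
        reasons.append(f"own domain in From, dmarc={verdict}")
    subject = str(msg.get("Subject", "")).lower()
    hits = [term for term in LURE_TERMS if term in subject]
    if hits:
        reasons.append("lure terms in subject: " + ", ".join(hits))
    return reasons

# Constructed sample messages (not taken from the report).
SPOOFED = ("Authentication-Results: mx.examplehealth.org; spf=fail; dmarc=fail\n"
           'From: "Finance Director" <finance@examplehealth.org>\n'
           "Subject: URGENT: payment request\n\nPlease process today.\n")
LEGIT = ("Authentication-Results: mx.examplehealth.org; dkim=pass; dmarc=pass\n"
         "From: billing@examplehealth.org\n"
         "Subject: Payment schedule for Q3\n\nSee attached schedule.\n")
UNTRUSTED_HEADER = ("Authentication-Results: mail.sender.test; dmarc=pass\n"
                    "From: ceo@examplehealth.org\n"
                    "Subject: Quick favor\n\nAre you at your desk?\n")
if __name__ == "__main__":
    print([triage(m) for m in (SPOOFED, LEGIT, UNTRUSTED_HEADER)])
```

The third sample carries a `dmarc=pass` stamped by a server other than the gateway, so it is treated as having no DMARC evaluation and is still flagged.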

Ransomware is Out, Botnets Are In

In 2017, ransomware was the go-to choice for many cyberattacks. Today, it’s incredibly scarce. There are many possible reasons. A decline in the value of cryptocurrency and a rise in its volatility top the list, as cryptocurrency is the preferred method of payment for most ransomware.

Other reasons included over-harvesting, increased publicity that drives up awareness among people who then protect against it, and/or just a preference for a more versatile attack method.

Enter botnets. Botnets are a collection of compromised computers under the control of attackers. They can be used to launch large-scale cybersecurity threats.

The malware of choice, according to Proofpoint, is Emotet, which accounted for 60% of all malicious payloads in Q1 2019.

Emotet started as a banking trojan and has now turned into a Swiss Army Knife of malware applications. It can be used as a downloader, information stealer, spambot and more — whatever the attackers want it to do.

URL-Based Threats Are On The Rise

Most people today are savvy enough not to download an unrecognized or unsolicited file.

Unfortunately, many cybersecurity attacks are now using malicious URLs instead of malicious files. 77% of email attacks on healthcare companies used this method.

Conventional wisdom used to state that downloads were for malware, URLs were for phishing — attempting to collect user login data without their knowledge.

That isn’t really the case today. Downloads can be used to phish information while URLs can be used for malware.

URLs are popular because they’re easy to set up, hide and infect with malicious code. When a link uses a spoofed domain, an unsuspecting victim is often more likely to click on it.

We know to be wary of unsolicited files, but fewer appreciate the risk of visiting a link. Coupled with cleverly designed and written emails, it can be extremely easy to fall prey to a sophisticated URL email attack.

We can help you with peace of mind with a simple annual audit of your website that will provide you a comprehensive report outlining the issues and recommended fixes for your web development team to ensure that you are doing everything to protect the data and maintain compliance.
